Countless devices globally depend on a commonly used Bluetooth-Wi-Fi chip that harbors unacknowledged “concealed commands.” A caution from researchers highlights the potential exploitation of these commands for memory manipulation, device impersonation, and circumvention of security protocols.
The ESP32, produced by a Chinese firm named Espressif, stands as a microcontroller facilitating Bluetooth and Wi-Fi connections in a plethora of smart gadgets like smartphones, laptops, smart locks, and medical devices. Its attractiveness stems in part from its economical pricing, with units available for a nominal sum.
Hidden Bluetooth commands and possible threats
A revelation by the security team at Tarlogic unveils 29 unrecorded Host Controller Interface commands within the ESP32’s Bluetooth firmware. These commands grant extensive control over several Bluetooth functions such as memory read/write, MAC address alteration, and malware packet addition, as reported by Bleeping Computer from Tarlogic’s RootedCON presentation.
SEE: Zscaler Report: Mobile, IoT, and OT Cyber Threats Surged in 2024
Though these functionalities are not inherently malicious, malevolent elements could potentially misuse them for executing impersonation schemes, embedding secret entrances, or tweaking device activity — all bypassing surveillance by code audits. Such scenarios might culminate in a supply chain strike affecting other smart devices.
“Determined elements could masquerade as recognized devices to link with mobile phones, computers, and smart gadgets, even if they stay offline,” stated the Tarlogic researchers in a blog post. “For what reasons? To extract confidential data stored within, infiltrate private and professional dialogues, and snoop on citizens and firms.”
What are the obstacles for utilizing these threats?
Despite the dangers, there exist hurdles for deploying these commands, setting them apart from standard backdoor susceptibilities. Perpetrators would necessitate physical access to the smart gadget’s USB or UART interface, or should have already hacked the firmware through pilfered root access, pre-installed malware, or other loopholes to remotely exploit these commands.
What awaits in the future?
Security experts Miguel Tarascó Acuña and Antonio Vázquez Blanco from Tarlogic unearthed the vulnerable HCI commands utilizing BluetoothUSB, a costless hardware-neutral, cross-platform utility facilitating Bluetooth data access for security evaluations and tests.
These concealed commands likely constitute hardware-debugging Opcode instructions inadvertently exposed; TechRepublic has reached out to Espressif for confirmation, though the company remains unresponsive at the time of writing. Their feedback will be pivotal in determining if firmware updates or coping strategies will be rolled out to safeguard the influenced devices.
About Author
